<?php namespace App\Http\Middleware;

use App\Models\User;
use Closure;

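/**
 * Route middleware that lets a request through only when the user referenced
 * by the session token is granted the required role/permission.
 *
 * The check fails closed: a missing or malformed token, or a token whose user
 * record can no longer be loaded, is treated as "not logged in" rather than
 * being allowed to raise an error further down.
 */
class RoleMiddleware {

	/**
	 * Authorize the current request against a role/permission name.
	 *
	 * @param  mixed    $request  Incoming request; must expose session().
	 * @param  Closure  $next     Next handler in the middleware pipeline.
	 * @param  mixed    $role     Role/permission name passed to User::can().
	 * @return mixed    The login view, the warning view, or the result of $next.
	 */
	public function handle($request, Closure $next, $role) {
		$token = $request->session()->get('token');

		// Any falsy token (null, empty array, '', 0, '0') means "no session login".
		if (!$token) {
			return view('admin.login');
		}

		// A truthy token without a user_id is malformed; isset() also guards
		// against tokens that are not array-like at all.
		$userId = isset($token['user_id']) ? $token['user_id'] : null;
		$user = $userId === null ? null : User::find($userId);

		// The account may have been deleted while the session was still alive.
		// Without this guard the can() call below would run on null and crash
		// instead of denying access.
		if ($user === null) {
			return view('admin.login');
		}

		if (!$user->can($role)) {
			// NOTE(review): HTTP_REFERER is a constant defined outside this file;
			// if it is derived from the client-supplied Referer header, confirm the
			// warning template escapes/validates it before using it as a link.
			$data = ['msg' => '无效的操作权限', 'url' => HTTP_REFERER];
			// NOTE(review): the denial is returned as a plain view; consider an
			// explicit 403 status so clients and logs can tell it apart from success.
			return view('common.warning', $data);
		}

		return $next($request);
	}

}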